We present a novel model of malware for Android, named composition-malware, which consists of composing frag- ments of code hosted on different and scattered locations at run time. An key feature of the model is that the malicious behavior could dynamically change and the payload could be activated under logic or temporal conditions. These characteristics allow a malware written according to this model to evade current malware detection technologies for Android platform, as the evaluation has demonstrated. The aim of the paper is to propose new approaches to malware detection that should be adopted in anti-malware tools for blocking a composition-malware.Proc of. the 4th International Workshop on Security of Mobile Applications - ARES 2015